131 Security Blogs

Last Updated: 26 Apr 25 04:19 UTC

Blog List | Github | OPML

2025-04-25

Rapid7

Metasploit Wrap-Up 04/25/2025

Malwarebytes

AI is getting “creepy good” at geo-guessing

SentinelOne

The Good, the Bad and the Ugly in Cybersecurity – Week 17

Microsoft Security

Explore practical best practices to secure your data with Microsoft Purview

Schneier on Security

Friday Squid Blogging: Squid Facts on Your Phone

Schneier on Security

Cryptocurrency Thefts Get Physical

Datadog HQ

Enhance your automated workflows and apps with Datastore

Google Safety & Security

4 ways Google is combatting scams in Asia Pacific

Dark Reading

Mobile Applications: A Cesspool of Security Issues

Dark Reading

How Organizations Can Leverage Cyber Insurance Effectively

Dark Reading

Vehicles Face 45% More Attacks, 4 Times More Hackers

Dark Reading

Phishing Kit Darcula Gets Lethal AI Upgrade

Atredis Partners

3D Printing Flying Probe Test Harnesses: Can you?

Ars Technica Security

FBI offers $10 million for information about Salt Typhoon members

Palo Alto Networks

Deliver Exceptional User Experience with ADEM Now Available on NGFW

Moonlock

Convincing phishing campaign is spoofing a Google email

ReversingLabs

What is the xBOM?

ReversingLabs

Secure Your AI Supply Chain with the ML-BOM

Searchlight Cyber

4chan Forum Hacked and Internal Data Leaked

2025-04-24

Rapid7

THE NEW Rapid7 MDR for Enterprise: Tailored Detection and Response for Complex Environments

Malwarebytes

Zoom attack tricks victims into allowing remote access to install malware and steal money

Malwarebytes

Android malware turns phones into malicious tap-to-pay machines

Malwarebytes

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

SentinelOne

Understanding Threat Vectors in Using Amazon SageMaker AI

Auth0

Enforce Customer Email Verification in Your B2B Blazor Web App

Fastly

Global Streaming Trends: How Bundling Strategies Are Changing

Talos Intelligence

Lessons from Ted Lasso for cybersecurity success

Microsoft Security

New whitepaper outlines the taxonomy of failure modes in AI agents

Okta Security

How AI services power the DPRK’s IT contracting scams

Eclypsium

Eclypsium Supply Chain Security Platform Now Offered Through GuidePoint Security

Troy Hunt

You'll Soon Be Able to Sign in to Have I Been Pwned (but Not Login, Log in or Log On)

Project Black

Code Assisted Penetration Testing

Schneier on Security

New Linux Rootkit

Datadog HQ

What's new for scheduling, scalability, and performance in Kubernetes v1.33?

Datadog HQ

How to improve the security of your Infrastructure-as-Code deployments

Datadog HQ

Create actionable postmortems automatically with Datadog

Datadog HQ

Monitor Temporal Cloud with Datadog

Datadog HQ

Building an LLM evaluation framework: best practices

Elastic Security Labs

Now available: the 2025 State of Detection Engineering at Elastic

watchTowr Labs

Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)

Dark Reading

[Virtual Event] Anatomy of a Data Breach: And what to do if it happens to you

Dark Reading

'SessionShark' ToolKit Evades Microsoft Office 365 MFA

Dark Reading

Digital Twins Bring Simulated Security to the Real World

Dark Reading

Max-Severity Commvault Bug Alarms Researchers

Dark Reading

NFC-Powered Android Malware Enables Instant Cash-Outs

Dark Reading

Gig-Work Platforms at Risk for Data Breaches, Fraud, Account Takeovers

Dark Reading

FBI: Cybercrime Losses Rocket to $16.6B in 2024

Dark Reading

Navigating Regulatory Shifts & AI Risks

Dark Reading

'Industrial-Scale' Asian Scam Centers Expand Globally

The Citizen Lab

The Real Lesson of SignalGate: A Surveillance Arms Race Has Poked a Gaping Hole in National Security

The Citizen Lab

Ron Deibert on CBC Ideas: Spyware Abusers Can Easily Hack Your Phone and Surveil You

Bishop Fox Security

SonicWall Sonicos Versions 7.1.x and 8.0.x

Ars Technica Security

New Android spyware is targeting Russian military personnel on the front lines

TrustedSec

The Necessity of Active Testing – Detection Edition

Palo Alto Networks

Bruce Byrd on Public-Private Partnerships in Cybersecurity

Moonlock

What is trojan horse malware, and how harmful is it to your Mac?

Moonlock

What is malware? How it works and how to handle it

Moonlock

The top 10 types of malware that can infect your Mac

Moonlock

Fake wine-tasting invites lure EU diplomats into installing malware

ReversingLabs

Verizon 2025 DBIR: Third-party software risk takes the spotlight

2025-04-23

Rapid7

From Noise to Action: Introducing Intelligence Hub

Malwarebytes

Shopify faces privacy lawsuit for collecting customer data

Talos Intelligence

Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs

Microsoft Security

Understanding the threat landscape for Kubernetes and containerized assets

Amazon Security

How to import existing AWS Organizations SCPs and RCPs to CloudFormation

Project Black

Nessus Reporting Customisation & Analysis

Schneier on Security

Regulating AI Behavior with a Hypervisor

Datadog HQ

Datadog acquires Metaplane

Datadog HQ

Evaluate LLMs and LLM applications for accuracy with NVIDIA NeMo Evaluator and Datadog LLM Observability

Datadog HQ

Key learnings from the 2025 State of DevSecOps study

Trail of Bits

How MCP servers can steal your conversation history

Dark Reading

Microsoft Claims Steady Progress Revamping Security Culture

Dark Reading

Ransomware Gangs Innovate With New Affiliate Models

Dark Reading

Attackers Capitalize on Mistakes to Target Schools

Dark Reading

Popular British Retailer Marks & Spencer Addresses 'Cyber Incident'

Dark Reading

North Korean Operatives Use Deepfakes in IT Job Interviews

Dark Reading

Japan Warns on Unauthorized Stock Trading via Stolen Credentials

Dark Reading

Kubernetes Pods Are Inheriting Too Many Permissions

Dark Reading

The Foundations of a Resilient Cyber Workforce

Dark Reading

Zambia's Updated Cyber Laws Prompt Surveillance Warnings

Dark Reading

Verizon: Edge Bugs Soar, Ransoms Lag, SMBs Bedeviled

PortSwigger

Document My Pentest: you hack, the AI writes it up!

Offensive Security

CVE-2025-32433: Vulnerability in Erlang/OTP SSH Implementation

Synacktiv

CVE-2025-23016 - Exploiter la bibliothèque FastCGI

Krebs on Security

DOGE Worker’s Code Supports NLRB Whistleblower

Moonlock

What is PUP malware, and how can you get rid of potentially unwanted programs?

Moonlock

In the Black Mirror-esque future, could someone hack into your brain?

ReversingLabs

Changes to CVE program are a call to action on your AppSec strategy

Searchlight Cyber

A New Era of Attack Surface Management Roles in Cybersecurity

2025-04-22

Malwarebytes

All Gmail users at risk from clever replay attack

Cloudflare

New year, no shutdowns: the Q1 2025 Internet disruption summary

SentinelOne

SentinelOne Sets a New Standard | Truly AI-Driven & Unified Cloud Security

Talos Intelligence

Year in Review: Attacks on identity and MFA

Kevin Beaumont

Microsoft’s patch for CVE-2025–21204 symlink vulnerability introduces another symlink vulnerability

Amazon Security

AWS empowers global security culture at Wicked6 Cyber Games

Snyk

Snyk Ushers in the Future of DAST: AI-Driven Security for the Age of AI-Driven Development

Troy Hunt

Weekly Update 448

Schneier on Security

Android Improves Its Security

Datadog HQ

Anomaly detection, predictive correlations: Using AI-assisted metrics monitoring

Dark Reading

How Emerging AI Frameworks Drive Business Value and Mitigate Risk

Dark Reading

Microsoft Purges Millions of Cloud Tenants in Wake of Storm-0558

Dark Reading

City of Abilene Goes Offline in Wake of Cyberattack

Dark Reading

3 More Healthcare Orgs Hit by Ransomware Attacks

Dark Reading

'Cookie Bite' Entra ID Attack Exposes Microsoft 365

Dark Reading

Terra Security Automates Penetration Testing With Agentic AI

Dark Reading

DeepSeek Breach Opens Floodgates to Dark Web

Mend

Mend.io & HeroDevs Partnership: Eliminate Risks in Deprecated Package

TrustedSec

How Far Should You Let Penetration Testers Go?

Krebs on Security

Whistleblower: DOGE Siphoned NLRB Case Data

2025-04-21

Rapid7

Top Lessons from Take Command 2025

Malwarebytes

A week in security (April 12 – April 18)

Malwarebytes

Did DOGE “breach” Americans’ data? (Lock and Code S06E08)

Auth0

Announcing a New Release of the Auth0 OIDC Client for .NET

Kevin Beaumont

Microsoft Recall on Copilot+ PC: testing the security and privacy implications

Microsoft Security

Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative

SpiderLabs

Agent In the Middle – Abusing Agent Cards in the Agent-2-Agent (A2A) Protocol To ‘Win’ All the Tasks

Trail of Bits

Jumping the line: How MCP servers can attack you before you ever use them

Trail of Bits

Kicking off AIxCC’s Finals with Buttercup

Dark Reading

'Fog' Hackers Troll Victims With DOGE Ransom Notes

Dark Reading

'Elusive Comet' Attackers Use Zoom to Swindle Victims

Dark Reading

Nation-State Threats Put SMBs in Their Sights

Dark Reading

Can Cybersecurity Weather the Current Economic Chaos?

Dark Reading

ASUS Urges Users to Patch AiCloud Router Vuln Immediately

Dark Reading

The Global AI Race: Balancing Innovation and Security